Foxit Reader < 7.2 Multiple RCE

High Nessus Network Monitor Plugin ID 9458

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple Remote Code Execution (RCE) attack vectors.

Description

Versions of Foxit Reader prior to 7.1 are affected by the following vulnerabilities:

- A flaw exists in 'ConvertToPDF.dll' that is triggered when handling 'tEXt' chunks in PNG images. With a specially crafted PNG image, a context-dependent attacker can potentially execute arbitrary code. (OSVDB 125418)
- A flaw exists that is triggered because user-supplied input is not properly validated when handling XFA forms. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 125559)
- A flaw exists that is triggered when handling color tables while converting GIF images to PDF files. With a specially crafted GIF image, a context-dependent attacker can corrupt heap memory and potentially execute arbitrary code. (OSVDB 126400)
- A flaw exists that is triggered when converting TIFF images to PDF files. With a specially crafted TIFF image, a context-dependent attacker can potentially execute arbitrary code. (OSVDB 126401)

Solution

Upgrade Foxit Reader to version 7.2 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-29

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-30

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-31

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-32

Plugin Details

Severity: High

ID: 9458

File Name: 9458.prm

Family: CGI

Published: 2016/08/05

Modified: 2016/08/05

Dependencies: 9456

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:foxitsoftware:reader

Patch Publication Date: 2015/07/29

Vulnerability Publication Date: 2015/07/27